  1. <?
  2.  
  3. include("database.php");
  4.  
  5. include("mailer.php");
  6.  
  7. include("form.php");
  8.  
  9.  
  10.  
  11. class Session
  12.  
  13. {
  14.  
  15. var $username; //Username given on sign-up
  16.  
  17. var $userid; //Random value generated on current login
  18.  
  19. var $userlevel; //The level to which the user pertains
  20.  
  21. var $time; //Time user was last active (page loaded)
  22.  
  23. var $logged_in; //True if user is logged in, false otherwise
  24.  
  25. var $userinfo = array(); //The array holding all user info
  26.  
  27. var $url; //The page url current being viewed
  28.  
  29. var $referrer; //Last recorded site page viewed
  30.  
  31. var $tribe;
  32.  
  33. var $act;
  34.  
  35. var $uid;
  36.  
  37. var $vinfo;
  38.  
  39. var $finfo;
  40.  
  41. /* Class constructor */
  42.  
  43. function Session(){
  44.  
  45. $this->time = time();
  46.  
  47. $this->startSession();
  48.  
  49. }
  50.  
  51.  
  52.  
  53. /**
  54.  
  55. * startSession - Performs all the actions necessary to
  56.  
  57. * initialize this session object. Tries to determine if the
  58.  
  59. * the user has logged in already, and sets the variables
  60.  
  61. * accordingly. Also takes advantage of this page load to
  62.  
  63. * update the active visitors tables.
  64.  
  65. */
  66.  
  67. function startSession(){
  68.  
  69. global $database; //The database connection
  70.  
  71. session_start(); //Tell PHP to start the session
  72.  
  73.  
  74.  
  75. /* Determine if user is logged in */
  76.  
  77. $this->logged_in = $this->checkLogin();
  78.  
  79.  
  80.  
  81. /**
  82.  
  83. * Set guest value to users not logged in, and update
  84.  
  85. * active guests table accordingly.
  86.  
  87. */
  88.  
  89. if(!$this->logged_in){
  90.  
  91. $this->username = $_SESSION['username'] = GUEST_NAME;
  92.  
  93. $this->userlevel = GUEST_LEVEL;
  94.  
  95. $database->addactiveguest($_SERVER['REMOTE_ADDR'], $this->time); <--- aca estaria el error pero no se como solucionarlo  >:(
  96.  
  97. }
  98.  
  99. /* Update users last active timestamp */
  100.  
  101. else{
  102.  
  103. $database->addActiveUser($this->username, $this->time);
  104.  
  105. }
  106.  
  107.  
  108.  
  109. /* Remove inactive visitors from database */
  110.  
  111. $database->removeInactiveUsers();
  112.  
  113. $database->removeInactiveGuests();
  114.  
  115.  
  116.  
  117. /* Set referrer page */
  118.  
  119. if(isset($_SESSION['url'])){
  120.  
  121. $this->referrer = $_SESSION['url'];
  122.  
  123. }else{
  124.  
  125. $this->referrer = "/";
  126.  
  127. }
  128.  
  129.  
  130.  
  131. /* Set current url */
  132.  
  133. $this->url = $_SESSION['url'] = $_SERVER['PHP_SELF'];
  134.  
  135. }
  136.  
  137.  
  138.  
  139. /**
  140.  
  141. * checkLogin - Checks if the user has already previously
  142.  
  143. * logged in, and a session with the user has already been
  144.  
  145. * established. Also checks to see if user has been remembered.
  146.  
  147. * If so, the database is queried to make sure of the user's
  148.  
  149. * authenticity. Returns true if the user has logged in.
  150.  
  151. */
  152.  
  153. function checkLogin(){
  154.  
  155. global $database; //The database connection
  156.  
  157. /* Check if user has been remembered */
  158.  
  159. if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
  160.  
  161. $this->username = $_SESSION['username'] = $_COOKIE['cookname'];
  162.  
  163. $this->userid = $_SESSION['userid'] = $_COOKIE['cookid'];
  164.  
  165. }
  166.  
  167.  
  168.  
  169. /* Username and userid have been set and not guest */
  170.  
  171. if(isset($_SESSION['username']) && isset($_SESSION['userid']) &&
  172.  
  173. $_SESSION['username'] != GUEST_NAME){
  174.  
  175. /* Confirm that username and userid are valid */
  176.  
  177. if($database->confirmUserID($_SESSION['username'], $_SESSION['userid']) != 0){
  178.  
  179. /* Variables are incorrect, user not logged in */
  180.  
  181. unset($_SESSION['username']);
  182.  
  183. unset($_SESSION['userid']);
  184.  
  185. return false;
  186.  
  187. }
  188.  
  189.  
  190.  
  191. /* User is logged in, set class variables */
  192.  
  193. $this->userinfo = $database->getUserInfo($_SESSION['username']);
  194.  
  195. $this->username = $this->userinfo['username'];
  196.  
  197. $this->userid = $this->userinfo['userid'];
  198.  
  199. $this->userlevel = $this->userinfo['userlevel'];
  200.  
  201. $this->tribe = $this->userinfo['tribe'];
  202.  
  203. $this->act = $this->userinfo['act'];
  204.  
  205. $this->uid = $this->userinfo['id'];
  206.  
  207. $this->vinfo = $database->getVillageInfo($this->uid);
  208.  
  209. $this->finfo = $database->getFieldInfo($this->vinfo['fid']);
  210.  
  211. return true;
  212.  
  213. }
  214.  
  215. /* User not logged in */
  216.  
  217. else{
  218.  
  219. return false;
  220.  
  221. }
  222.  
  223. }
  224.  
  225.  
  226.  
  227. /**
  228.  
  229. * login - The user has submitted his username and password
  230.  
  231. * through the login form, this function checks the authenticity
  232.  
  233. * of that information in the database and creates the session.
  234.  
  235. * Effectively logging in the user if all goes well.
  236.  
  237. */
  238.  
  239. function login($subuser, $subpass, $subremember){
  240.  
  241. global $database, $form; //The database and form object
  242.  
  243.  
  244.  
  245. /* Username error checking */
  246.  
  247. $field = "user"; //Use field name for username
  248.  
  249. if(!$subuser || strlen($subuser = trim($subuser)) == 0){
  250.  
  251. $form->setError($field, "* Username not entered");
  252.  
  253. }
  254.  
  255. else{
  256.  
  257. /* Check if username is not alphanumeric */
  258.  
  259. if(!eregi("^([0-9a-z])*$", $subuser)){
  260.  
  261. $form->setError($field, "* Username not alphanumeric");
  262.  
  263. }
  264.  
  265. }
  266.  
  267.  
  268.  
  269. /* Password error checking */
  270.  
  271. $field = "pass"; //Use field name for password
  272.  
  273. if(!$subpass){
  274.  
  275. $form->setError($field, "* Password not entered");
  276.  
  277. }
  278.  
  279.  
  280.  
  281. /* Return if form errors exist */
  282.  
  283. if($form->num_errors > 0){
  284.  
  285. return false;
  286.  
  287. }
  288.  
  289.  
  290.  
  291. /* Checks that username is in database and password is correct */
  292.  
  293. $subuser = stripslashes($subuser);
  294.  
  295. $result = $database->confirmUserPass($subuser, md5($subpass));
  296.  
  297.  
  298.  
  299. /* Check error codes */
  300.  
  301. if($result == 1){
  302.  
  303. $field = "user";
  304.  
  305. $form->setError($field, "* Username not found");
  306.  
  307. }
  308.  
  309. else if($result == 2){
  310.  
  311. $field = "pass";
  312.  
  313. $form->setError($field, "* Invalid password");
  314.  
  315. }
  316.  
  317.  
  318.  
  319. /* Return if form errors exist */
  320.  
  321. if($form->num_errors > 0){
  322.  
  323. return false;
  324.  
  325. }
  326.  
  327.  
  328.  
  329. /* Username and password correct, register session variables */
  330.  
  331. $this->userinfo = $database->getUserInfo($subuser);
  332.  
  333. $this->username = $_SESSION['username'] = $this->userinfo['username'];
  334.  
  335. $this->userid = $_SESSION['userid'] = $this->generateRandID();
  336.  
  337. $this->userlevel = $this->userinfo['userlevel'];
  338.  
  339. $this->act = $this->userinfo['act'];
  340.  
  341. $this->tribe = $this->userinfo['tribe'];
  342.  
  343. $this->uid = $this->userinfo['id'];
  344.  
  345. $this->vinfo = $database->getVillageInfo($this->uid);
  346.  
  347. $this->finfo = $database->getFieldInfo($this->vinfo['fid']);
  348.  
  349. /* Insert userid into database and update active users table */
  350.  
  351. $database->updateUserField($this->username, "userid", $this->userid);
  352.  
  353. $database->addActiveUser($this->username, $this->time);
  354.  
  355. $database->removeActiveGuest($_SERVER['REMOTE_ADDR']);
  356.  
  357.  
  358.  
  359. /**
  360.  
  361. * This is the cool part: the user has requested that we remember that
  362.  
  363. * he's logged in, so we set two cookies. One to hold his username,
  364.  
  365. * and one to hold his random value userid. It expires by the time
  366.  
  367. * specified in constants.php. Now, next time he comes to our site, we will
  368.  
  369. * log him in automatically, but only if he didn't log out before he left.
  370.  
  371. */
  372.  
  373. if($subremember){
  374.  
  375. setcookie("cookname", $this->username, time()+COOKIE_EXPIRE, COOKIE_PATH);
  376.  
  377. setcookie("cookid", $this->userid, time()+COOKIE_EXPIRE, COOKIE_PATH);
  378.  
  379. }
  380.  
  381.  
  382.  
  383. /* Login completed successfully */
  384.  
  385. return true;
  386.  
  387. }
  388.  
  389.  
  390.  
  391. /**
  392.  
  393. * logout - Gets called when the user wants to be logged out of the
  394.  
  395. * website. It deletes any cookies that were stored on the users
  396.  
  397. * computer as a result of him wanting to be remembered, and also
  398.  
  399. * unsets session variables and demotes his user level to guest.
  400.  
  401. */
  402.  
  403. function logout(){
  404.  
  405. global $database; //The database connection
  406.  
  407. /**
  408.  
  409. * Delete cookies - the time must be in the past,
  410.  
  411. * so just negate what you added when creating the
  412.  
  413. * cookie.
  414.  
  415. */
  416.  
  417. if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
  418.  
  419. setcookie("cookname", "", time()-COOKIE_EXPIRE, COOKIE_PATH);
  420.  
  421. setcookie("cookid", "", time()-COOKIE_EXPIRE, COOKIE_PATH);
  422.  
  423. }
  424.  
  425.  
  426.  
  427. /* Unset PHP session variables */
  428.  
  429. unset($_SESSION['username']);
  430.  
  431. unset($_SESSION['userid']);
  432.  
  433.  
  434.  
  435. /* Reflect fact that user has logged out */
  436.  
  437. $this->logged_in = false;
  438.  
  439.  
  440.  
  441. /**
  442.  
  443. * Remove from active users table and add to
  444.  
  445. * active guests tables.
  446.  
  447. */
  448.  
  449. $database->removeActiveUser($this->username);
  450.  
  451. $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
  452.  
  453.  
  454.  
  455. /* Set user level to guest */
  456.  
  457. $this->username = GUEST_NAME;
  458.  
  459. $this->userlevel = GUEST_LEVEL;
  460.  
  461. }
  462.  
  463.  
  464.  
  465. /**
  466.  
  467. * register - Gets called when the user has just submitted the
  468.  
  469. * registration form. Determines if there were any errors with
  470.  
  471. * the entry fields, if so, it records the errors and returns
  472.  
  473. * 1. If no errors were found, it registers the new user and
  474.  
  475. * returns 0. Returns 2 if registration failed.
  476.  
  477. */
  478.  
  479. function register($subuser, $subpass, $subemail, $tribe, $agb){
  480.  
  481. global $database, $form, $mailer; //The database, form and mailer object
  482.  
  483.  
  484.  
  485. /* Username error checking */
  486.  
  487. $field = "user"; //Use field name for username
  488.  
  489. if(!$subuser || strlen($subuser = trim($subuser)) == 0){
  490.  
  491. $form->setError($field, "* Username not entered");
  492.  
  493. }
  494.  
  495. else{
  496.  
  497. /* Spruce up username, check length */
  498.  
  499. $subuser = stripslashes($subuser);
  500.  
  501. if(strlen($subuser) < 5){
  502.  
  503. $form->setError($field, "* Username below 5 characters");
  504.  
  505. }
  506.  
  507. else if(strlen($subuser) > 15){
  508.  
  509. $form->setError($field, "* Username above 15 characters");
  510.  
  511. }
  512.  
  513. /* Check if username is not alphanumeric */
  514.  
  515. else if(!eregi("^([0-9a-z])+$", $subuser)){
  516.  
  517. $form->setError($field, "* Username not alphanumeric");
  518.  
  519. }
  520.  
  521. /* Check if username is reserved */
  522.  
  523. else if(strcasecmp($subuser, GUEST_NAME) == 0){
  524.  
  525. $form->setError($field, "* Username reserved word");
  526.  
  527. }
  528.  
  529. /* Check if username is already in use */
  530.  
  531. else if($database->usernameTaken($subuser)){
  532.  
  533. $form->setError($field, "* Username already in use");
  534.  
  535. }
  536.  
  537. /* Check if username is banned */
  538.  
  539. else if($database->usernameBanned($subuser)){
  540.  
  541. $form->setError($field, "* Username banned");
  542.  
  543. }
  544.  
  545. }
  546.  
  547.  
  548.  
  549. /* Password error checking */
  550.  
  551. $field = "pass"; //Use field name for password
  552.  
  553. if(!$subpass){
  554.  
  555. $form->setError($field, "* Password not entered");
  556.  
  557. }
  558.  
  559. else{
  560.  
  561. /* Spruce up password and check length*/
  562.  
  563. $subpass = stripslashes($subpass);
  564.  
  565. if(strlen($subpass) < 4){
  566.  
  567. $form->setError($field, "* Password too short");
  568.  
  569. }
  570.  
  571. /* Check if password is not alphanumeric */
  572.  
  573. else if(!eregi("^([0-9a-z])+$", ($subpass = trim($subpass)))){
  574.  
  575. $form->setError($field, "* Password not alphanumeric");
  576.  
  577. }
  578.  
  579. /**
  580.  
  581. * Note: I trimmed the password only after I checked the length
  582.  
  583. * because if you fill the password field up with spaces
  584.  
  585. * it looks like a lot more characters than 4, so it looks
  586.  
  587. * kind of stupid to report "password too short".
  588.  
  589. */
  590.  
  591. }
  592.  
  593.  
  594.  
  595. /* Email error checking */
  596.  
  597. $field = "email"; //Use field name for email
  598.  
  599. if(!$subemail || strlen($subemail = trim($subemail)) == 0){
  600.  
  601. $form->setError($field, "* Email not entered");
  602.  
  603. }
  604.  
  605. else{
  606.  
  607. /* Check if valid email address */
  608.  
  609. $regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"
  610.  
  611. ."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"
  612.  
  613. ."\.([a-z]{2,}){1}$";
  614.  
  615. if(!eregi($regex,$subemail)){
  616.  
  617. $form->setError($field, "* Email invalid");
  618.  
  619. }
  620.  
  621. $subemail = stripslashes($subemail);
  622.  
  623. }
  624. $field = "tribe";
  625.  
  626. if (!$tribe) {
  627. $form->setError($field, "* Tribe not selected");
  628. }
  629.  
  630. $field = "agb";
  631.  
  632. if (!$agb) {
  633. $form->setError($field, "*You have to agree to the terms");
  634. }
  635.  
  636. $act = md5($this->generateRandStr(7));
  637. $act = substr($act, 0, 10);
  638.  
  639. $_SESSION['act'] = $act;
  640.  
  641. /* Errors exist, have user correct them */
  642.  
  643. if($form->num_errors > 0){
  644.  
  645. return 1; //Errors with form
  646.  
  647. }
  648.  
  649. /* No errors, add the new account to the */
  650.  
  651. else{
  652.  
  653. if($database->addNewUser($subuser, md5($subpass), $subemail, $tribe, $act)){
  654.  
  655. $info = $database->getUserInfo($subuser);
  656. $_SESSION['uid'] = $info['id'];
  657.  
  658. if(EMAIL_WELCOME){
  659.  
  660. $mailer->sendWelcome($subuser,$subemail,$subpass,$act);
  661.  
  662. }
  663.  
  664. return 0; //New user added succesfully
  665.  
  666. }else{
  667.  
  668. return 2; //Registration attempt failed
  669.  
  670. }
  671.  
  672. }
  673.  
  674. }
  675.  
  676.  
  677.  
  678. /**
  679.  
  680. * editAccount - Attempts to edit the user's account information
  681.  
  682. * including the password, which it first makes sure is correct
  683.  
  684. * if entered, if so and the new password is in the right
  685.  
  686. * format, the change is made. All other fields are changed
  687.  
  688. * automatically.
  689.  
  690. */
  691.  
  692. function editAccount($subcurpass, $subnewpass, $subemail){
  693.  
  694. global $database, $form; //The database and form object
  695.  
  696. /* New password entered */
  697.  
  698. if($subnewpass){
  699.  
  700. /* Current Password error checking */
  701.  
  702. $field = "curpass"; //Use field name for current password
  703.  
  704. if(!$subcurpass){
  705.  
  706. $form->setError($field, "* Current Password not entered");
  707.  
  708. }
  709.  
  710. else{
  711.  
  712. /* Check if password too short or is not alphanumeric */
  713.  
  714. $subcurpass = stripslashes($subcurpass);
  715.  
  716. if(strlen($subcurpass) < 4 ||
  717.  
  718. !eregi("^([0-9a-z])+$", ($subcurpass = trim($subcurpass)))){
  719.  
  720. $form->setError($field, "* Current Password incorrect");
  721.  
  722. }
  723.  
  724. /* Password entered is incorrect */
  725.  
  726. if($database->confirmUserPass($this->username,md5($subcurpass)) != 0){
  727.  
  728. $form->setError($field, "* Current Password incorrect");
  729.  
  730. }
  731.  
  732. }
  733.  
  734.  
  735.  
  736. /* New Password error checking */
  737.  
  738. $field = "newpass"; //Use field name for new password
  739.  
  740. /* Spruce up password and check length*/
  741.  
  742. $subpass = stripslashes($subnewpass);
  743.  
  744. if(strlen($subnewpass) < 4){
  745.  
  746. $form->setError($field, "* New Password too short");
  747.  
  748. }
  749.  
  750. /* Check if password is not alphanumeric */
  751.  
  752. else if(!eregi("^([0-9a-z])+$", ($subnewpass = trim($subnewpass)))){
  753.  
  754. $form->setError($field, "* New Password not alphanumeric");
  755.  
  756. }
  757.  
  758. }
  759.  
  760. /* Change password attempted */
  761.  
  762. else if($subcurpass){
  763.  
  764. /* New Password error reporting */
  765.  
  766. $field = "newpass"; //Use field name for new password
  767.  
  768. $form->setError($field, "* New Password not entered");
  769.  
  770. }
  771.  
  772.  
  773.  
  774. /* Email error checking */
  775.  
  776. $field = "email"; //Use field name for email
  777.  
  778. if($subemail && strlen($subemail = trim($subemail)) > 0){
  779.  
  780. /* Check if valid email address */
  781.  
  782. $regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"
  783.  
  784. ."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"
  785.  
  786. ."\.([a-z]{2,}){1}$";
  787.  
  788. if(!eregi($regex,$subemail)){
  789.  
  790. $form->setError($field, "* Email invalid");
  791.  
  792. }
  793.  
  794. $subemail = stripslashes($subemail);
  795.  
  796. }
  797.  
  798.  
  799.  
  800. /* Errors exist, have user correct them */
  801.  
  802. if($form->num_errors > 0){
  803.  
  804. return false; //Errors with form
  805.  
  806. }
  807.  
  808.  
  809.  
  810. /* Update password since there were no errors */
  811.  
  812. if($subcurpass && $subnewpass){
  813.  
  814. $database->updateUserField($this->username,"password",md5($subnewpass));
  815.  
  816. }
  817.  
  818.  
  819.  
  820. /* Change Email */
  821.  
  822. if($subemail){
  823.  
  824. $database->updateUserField($this->username,"email",$subemail);
  825.  
  826. }
  827.  
  828.  
  829.  
  830. /* Success! */
  831.  
  832. return true;
  833.  
  834. }
  835.  
  836.  
  837.  
  838. /**
  839.  
  840. * isAdmin - Returns true if currently logged in user is
  841.  
  842. * an administrator, false otherwise.
  843.  
  844. */
  845.  
  846. function isAdmin(){
  847.  
  848. return ($this->userlevel == ADMIN_LEVEL ||
  849.  
  850. $this->username == ADMIN_NAME);
  851.  
  852. }
  853.  
  854.  
  855.  
  856. /**
  857.  
  858. * generateRandID - Generates a string made up of randomized
  859.  
  860. * letters (lower and upper case) and digits and returns
  861.  
  862. * the md5 hash of it to be used as a userid.
  863.  
  864. */
  865.  
  866. function generateRandID(){
  867.  
  868. return md5($this->generateRandStr(16));
  869.  
  870. }
  871.  
  872. /**
  873.  
  874. * generateRandStr - Generates a string made up of randomized
  875.  
  876. * letters (lower and upper case) and digits, the length
  877.  
  878. * is a specified parameter.
  879.  
  880. */
  881.  
  882. function generateRandStr($length){
  883.  
  884. $randstr = "";
  885.  
  886. for($i=0; $i<$length; $i++){
  887.  
  888. $randnum = mt_rand(0,61);
  889.  
  890. if($randnum < 10){
  891.  
  892. $randstr .= chr($randnum+48);
  893.  
  894. }else if($randnum < 36){
  895.  
  896. $randstr .= chr($randnum+55);
  897.  
  898. }else{
  899.  
  900. $randstr .= chr($randnum+61);
  901.  
  902. }
  903.  
  904. }
  905.  
  906. return $randstr;
  907.  
  908. }
  909.  
  910. };
  911.  
  912.  
  913.  
  914.  
  915.  
  916. /**
  917.  
  918. * Initialize session object - This must be initialized before
  919.  
  920. * the form object because the form uses session variables,
  921.  
  922. * which cannot be accessed unless the session has started.
  923.  
  924. */
  925.  
  926. $session = new Session;
  927.  
  928.  
  929.  
  930. /* Initialize form object */
  931.  
  932. $form = new Form;
  933.  
  934.  
  935.  
  936. ?>